August 2018
Intermediate to advanced
404 pages
10h 22m
English
First, we discovered that the application verifies the files before accepting the upload. There are multiple ways for an application to do this. The most simple and common ways are to check the file extension and the request's Content-Type header; the latter is used in this recipe. To bypass this protection, we changed the content type of the file, which is set by default by the browser to application/x-php, to the type that the server expects so that it will accept the file as an image: image/jpeg.
Read now
Unlock full access